1. Field of the Invention
The present disclosure relates generally to storage system access management, and, in particular, to methods, apparatuses, and computer program products for protecting pre-staged provisioned data in a storage system.
2. Description of Background
A storage system may support multiple host servers with multiple host images per host server that are dynamically reconfigured over a period of time. The storage system can include multiple networks, such as one or more storage area networks (SANs) and/or local area networks (LANs) for accessing shared storage resources. For example, a pool of disks accessible via the storage system may include data for provisioning host images to execute operating systems such as: UNIX®, UNIX-like operating systems (e.g., Solaris®, Linux®, AIX®), Microsoft® Windows®, and IBM® z/OS®. The data associated with each host image may require some level of protection from access by the other host images. The host images can be part of a virtualized environment that supports allocation of resources in a virtualization layer across multiple physical devices. Such an environment allows common physical hardware to be reconfigured using logical partitions (LPARs) to switch between host images on a host server. The process of reconfiguration to support different host images is also referred to as provisioning. For example, an LPAR in a host server can be provisioned to execute a Linux® host image for a period of time to support one customer, and then be re-provisioned to execute an AIX® host image at a later period to support another customer.
When one or more host images have access to multiple sets of storage, which are then enabled to allow physical access below the virtualization layer, certain problems can exist. These problems can include security of data, where host images can view data allocated to other host images. Protection of the data itself can also be challenging, as host images may manipulate data belonging to other host images without any knowledge of the data owner. In these scenarios, the resulting security issues can be disruptive and harmful to businesses utilizing the storage system.
Currently, existing solutions to handle one or more host images accessing multiple sets of storage involves removing physical access below the virtualization layer by not providing world wide port names (WWPNs) to locate access control information on storage devices in the storage system. The storage devices can be accessed using logical unit numbers (LUNs) to define addresses of virtual partitions. When physical access is required to the LUNs, individual WWPNs are applied.
When a new host image is provisioned via virtualization there is a need for contemporaneous action coordinated between the storage devices and the host server provisioning control mechanism to apply the correct WWPNs to the LUNS. This is usually an error prone process and takes additional processing time, which delays the provisioning of the next host image and reduces utilization of the physical resources. It would be beneficial to develop an approach to support pre-staging of provisioned data in a storage system such that the provisioned data is ready on demand and protected from other host images while inactive. What is needed, therefore, is a way to protect pre-staged provisioned data in a storage system.